Urgent warning for millions of Gmail users over security flaw that could allow your Facebook to be hacked
Share this @internewscast.com

GMAIL users should be aware of a new security flaw that could allow Facebook accounts to be hacked.

The issue was revealed by researcher Youssef Sammouda who took to his blog to warn against using Gmail credentials to sign into Facebook.

A cyber security researcher discovered a new Gmail security flaw that could be used to hack Facebook accounts


A cyber security researcher discovered a new Gmail security flaw that could be used to hack Facebook accountsCredit: SOPA Images/LightRocket via Gett

Sammouda spoke with The Daily Swig to explain the implications of this bug.

According to the researcher, he was able to hijack the accounts of Facebook users who signed up through their Gmail credentials.

He said that he accomplished this by using a Google OAuth id_token/code to log in to the site.

This is called “open authorization.” It is a standard used by Amazon, Microsoft, Twitter, and other big names that allows users to link accounts to third-party sites by using log in information from one of these bigger sites, Forbes said.

That being said, this technique can apparently be used to hack other accounts not just Facebook, Sammouda said.

However, the tech vigilante may have prevented many users from being hacked.

Sammouda revealed that he was paid a $44,625 ‘bounty’ by Facebook after he shared his discovery.

He said that Facebook responded and implemented measures against the open authorization hack.

Forbes shared a statement from security provider Malwarebytes Labs regarding accounts that are linked through open authorization.

“Linked accounts were invented to make logging in easier,” said malware intelligence researcher Pieter Arntz.

“You can use one account to log in to other apps, sites and services… All you need to do to access the account is confirm that the account is yours.”

“We wouldn’t recommend it because if anyone gets hold of the one password that controls them all, you’re in even bigger trouble than you would be if only one site’s password is compromised,” he said.

This comes as Google recently issued an urgent security warning to billions of phone owners.

And Android users should check their phone right now for a huge security danger.

We pay for your stories!

Do you have a story for The US Sun team?

Share this @internewscast.com
You May Also Like

Peloton gears up to hike prices, lay off employees, and shutter stores

Peloton CEO Barry McCarthy had his job cut out for him when…

This Mac hacker’s code is so good, corporations keep stealing it

Patrick Wardle is known for being a Mac malware specialist — but…

How to cancel Apple TV Plus

APPLE TV+ is Apple’s answer to Netflix and Disney+, charging users a fee…

Ring’s new TV show sounds like a dystopian America’s Funniest Home Videos

Ring, the Amazon-owned home security company that’ll sell you a camera just…

Where to see Perseid meteor shower

STARGAZERS consider seeing the Perseid meteor shower as one of the highlights…

Why it’s taking so long to encrypt Facebook Messenger

After a high-profile incident in which subpoenaed Facebook messages led to felony…

Facebook robot brands Mark Zuckerberg as ‘creepy and manipulative’

FACEBOOK supremo Mark Zuckerberg is “creepy and manipulative” — according to one…

Rick and Morty are starting a podcast in first season 6 trailer

Though Rick and Morty’s fifth season tore its titular duo apart and…